Anti-Money Laundering Policy

FDraft LLC ("Company") is committed to the highest standards of Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) compliance. This AML Policy establishes the framework, procedures, and controls that FDraft LLC employs to detect, prevent, and report money laundering, terrorist financing, and other financial crimes.

This policy applies to all employees, contractors, agents, and business partners of FDraft LLC, as well as all customers and transactions processed through the NexaPay platform.

FDraft LLC operates in accordance with applicable AML/CFT laws and regulations, including but not limited to the Bank Secrecy Act (BSA), the USA PATRIOT Act, EU Anti-Money Laundering Directives (AMLD), FATF Recommendations, and all other applicable national and international regulations.

FDraft LLC is a financial technology company headquartered at 1500 N Grant St Ste R, Denver, Colorado 80203, United States. We are formally registered as a Money Services Business ("MSB") with the Financial Crimes Enforcement Network ("FinCEN") under MSB Registration No. 31000327144592. As a FinCEN-registered MSB, we are subject to the full requirements of the Bank Secrecy Act and its implementing regulations.

Our AML compliance program is designed to meet the requirements of the following regulatory frameworks:

FinCEN / Money Services Business (MSB): FDraft LLC is registered with FinCEN as an MSB (Registration No. 31000327144592). We comply with all MSB obligations including AML program requirements, suspicious activity reporting (SARs), currency transaction reporting (CTRs), and recordkeeping under 31 CFR Chapter X.

Financial Action Task Force (FATF): We adhere to FATF's 40 Recommendations on combating money laundering and terrorist financing, including the risk-based approach to customer due diligence.

Bank Secrecy Act (BSA): We comply with BSA requirements including suspicious activity reporting, currency transaction reporting, and recordkeeping obligations as required for MSBs.

EU AML Directives: For European operations, we comply with the 6th Anti-Money Laundering Directive (6AMLD) and related national implementations.

OFAC Sanctions: We screen all customers and transactions against OFAC's Specially Designated Nationals (SDN) list and other applicable sanctions lists.

Local Regulations: We comply with AML/CFT regulations in all jurisdictions where we operate, including requirements from the FCA (UK), FinCEN (US), Colorado Division of Banking, and other relevant regulatory bodies.

FDraft LLC applies a risk-based approach to customer due diligence (CDD). All customers must complete our KYB process before accessing payment services.

Standard Due Diligence (SDD): Applied to lower-risk customers. Requires: - Certificate of Incorporation or equivalent - Proof of registered business address - Government-issued ID for all directors and beneficial owners (25%+ ownership) - Business description and expected transaction volumes - Source of funds declaration

Enhanced Due Diligence (EDD): Applied to higher-risk customers, including Politically Exposed Persons (PEPs), customers in high-risk jurisdictions, and businesses in sensitive industries. Requires all SDD documentation plus: - Enhanced source of wealth and funds documentation - Senior management approval for onboarding - More frequent ongoing monitoring - Additional reference checks

Simplified Due Diligence (SDD): May be applied to certain low-risk customers such as regulated financial institutions, listed companies, and government entities, subject to regulatory permissions.

Ongoing Monitoring: Customer profiles and transaction patterns are continuously monitored. We conduct periodic reviews of customer information, with frequency determined by risk level.

FDraft LLC requires identification and verification of all beneficial owners — individuals who ultimately own or control 25% or more of a business entity, or who exercise effective control over the entity.

Identification Requirements: For each beneficial owner, we collect: - Full legal name and date of birth - Nationality and country of residence - Government-issued photo identification - Proof of address (dated within 3 months) - Percentage of ownership or nature of control

Complex Structures: For businesses with complex ownership structures (multiple layers of holding companies, trusts, or nominee arrangements), we require documentation tracing ownership to the ultimate natural person(s) in control.

PEP Screening: All beneficial owners are screened against PEP databases. Enhanced due diligence is automatically triggered for any PEP connection.

Ongoing Updates: Customers are required to notify FDraft LLC of any changes to beneficial ownership within 30 days of such changes occurring.

FDraft LLC employs automated transaction monitoring systems to detect suspicious activity in real time and on an ongoing basis.

Automated Monitoring: Our systems analyze transactions for: - Unusual transaction volumes or frequencies inconsistent with the customer's profile - Transactions involving high-risk jurisdictions or sanctioned entities - Structuring patterns designed to avoid reporting thresholds - Rapid movement of funds through accounts (layering) - Transactions inconsistent with the customer's stated business purpose

Alert Investigation: Automated alerts are reviewed by our compliance team. Alerts are investigated, documented, and either cleared with supporting rationale or escalated for SAR filing.

Transaction Limits: We apply transaction limits based on customer risk profiles and verification levels. Limits may be adjusted based on ongoing monitoring results and customer history.

Sanctions Screening: All transactions are screened in real time against OFAC, EU, UN, and other applicable sanctions lists. Transactions involving sanctioned parties are automatically blocked and reported.

FDraft LLC has a legal obligation to report suspicious activity to relevant financial intelligence units (FIUs).

Reporting Obligations: We file Suspicious Activity Reports (SARs) or equivalent reports with the appropriate FIU when we know, suspect, or have reasonable grounds to suspect that a transaction involves proceeds of crime, is related to terrorist financing, or involves a sanctioned party.

Tipping Off Prohibition: Once a SAR has been filed or is under consideration, employees are strictly prohibited from disclosing this fact to the customer or any third party (except as required by law). Violation of this prohibition is a serious criminal offense.

Internal Escalation: Any employee who identifies suspicious activity must report it immediately to the designated Money Laundering Reporting Officer (MLRO) using our internal reporting procedures.

Record Retention: All SAR filings and supporting documentation are retained for a minimum of 5 years from the date of filing.

FDraft LLC maintains a comprehensive sanctions compliance program to ensure we do not facilitate transactions involving sanctioned individuals, entities, or jurisdictions.

Screening Lists: We screen against the following lists at onboarding and on an ongoing basis: - OFAC Specially Designated Nationals (SDN) and Blocked Persons List - EU Consolidated Sanctions List - UN Security Council Consolidated List - HM Treasury Financial Sanctions List (UK) - Other applicable national and international sanctions lists

Blocked Jurisdictions: We do not provide services to customers or process transactions involving countries subject to comprehensive sanctions, including but not limited to: North Korea, Iran, Syria, Cuba, and the Crimea region.

Screening Frequency: Customer and counterparty screening is performed at onboarding and updated in real time as sanctions lists are updated.

Escalation: Any potential sanctions match is immediately escalated to the compliance team and, where required, to relevant regulatory authorities.

All FDraft LLC employees receive AML/CFT training appropriate to their role and responsibilities.

Training Program: Our training program covers: - Recognition of money laundering and terrorist financing red flags - Customer due diligence procedures and requirements - Internal reporting obligations and procedures - Sanctions compliance requirements - Consequences of non-compliance

Training Frequency: All employees complete AML training upon joining and annually thereafter. Additional training is provided when regulatory requirements change or when specific risks are identified.

Money Laundering Reporting Officer (MLRO): FDraft LLC has appointed a designated MLRO responsible for overseeing the AML compliance program, receiving internal suspicious activity reports, and making SAR filings with relevant authorities.

Accountability: All employees are personally responsible for compliance with this policy. Failure to comply may result in disciplinary action, including termination, and may expose individuals to personal criminal liability.

FDraft LLC maintains comprehensive records to support our AML compliance obligations and to assist law enforcement investigations where required.

Records Retained: We maintain records of: - Customer identification and verification documents - Transaction records including amounts, dates, parties, and methods - Correspondence related to customer due diligence - Internal and external suspicious activity reports - Training records for all employees - Risk assessments and compliance reviews

Retention Period: All AML-related records are retained for a minimum of 5 years from the date of the transaction or the end of the customer relationship, whichever is later. Some records may be retained for longer periods where required by applicable law.

Accessibility: Records are maintained in a format that allows them to be retrieved promptly in response to requests from regulatory authorities or law enforcement.

This AML Policy is reviewed and updated at least annually, or more frequently when: - Applicable laws or regulations change - New products or services are introduced - New risks are identified through monitoring or audits - Regulatory guidance or industry best practices evolve

The MLRO is responsible for maintaining this policy and ensuring it remains current and effective. Material changes to this policy are approved by senior management and communicated to all relevant employees.

For questions about this AML Policy or to report suspicious activity, please contact our compliance team:

**FDraft LLC — Compliance Department** Email: compliance@fdraftllc.com Address: 1500 N Grant St Ste R, Denver, Colorado 80203, United States FinCEN MSB Registration No.: 31000327144592